The passive aggressive password strength meter


We’re all familiar with websites that try to help you choose a stronger password - grading it weak, average or strong.

Twitter password

By the way, they’re not always great judges of whether a password is really strong or not.

For instance, some password strength checkers consider any password with more than X number of characters to be strong, even if they are the same character repeated over-and-over again, or even if the password is 1234567890.

And some of the password strength checkers built into websites won’t check if your password is an obvious common choice like passw0rd.

Hopefully, by now, you have recognised that it’s better to get a password management utility like 1Password, KeePass or LastPass to generate random, complex passwords for you… and then remember them securely, so you don’t have to.

If you have configured those tools properly, you should never again experience a website being rude about the quality of your password.

But, if you hanker for the old days, you might like this.

PaP is The Passive Aggressive Password Machine, a neat website created by New York-based web designers Tim Holman and Tobias van Schneider.

What I liked about PaP is its caustic collection of putdowns which will happily insult the quality of your passwords until the cows come home.

Passive aggressive password meter

Obviously, I don’t recommend entering your real passwords onto the site - but it is a bit of fun.

Tags: , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, ,

5 Responses

  1. Sarah

    July 23, 2013 at 4:12 pm #

    Well really - if they’re going to make unkind comments about people’s passwords, the least they can do is spell them correctly. I’m frankly disstressed, dissmayed, and more than a little disstraught.

    • Graham Cluley in reply to Sarah.

      July 23, 2013 at 10:52 pm #

      What’s extraordinary is that they were able to spell “passive aggressive” properly.

  2. Carson

    July 23, 2013 at 10:39 pm #

    Glad to see Zaphod is alive and well and finally getting a Twitter account. Was about time.

    • Graham Cluley in reply to Carson.

      July 24, 2013 at 6:59 am #

      I think he just wants to reassure everyone he’s okay, after that mix-up with Justin Bieber’s car.

  3. Lisa Vaas

    July 24, 2013 at 6:53 am #


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.